It listened on localhost only, but was exploitable through DNS rebinding (see article above)
Wow, Visual Studio Code (1.19.0 to 1.19.2) was silently listening on 9333/tcp. It was a debug port with obvious RCE! https://medium.com/0xcc/visual-studio-code-silently-fixed-a-remote-code-execution-vulnerability-8189e85b486b #vulnerability
Cool little trick, simple persistence technique to stay hidden from autoruns.exe (using the RunOnceEx registry key) https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/ #DFIR #redteam
PSA: OTR *does not* encrypt file transfers
Frankly, this is actually sad and quite useless, no more subreddit? DNM users will just use another service to share insights.
I bet undercover police officers are mad about this https://motherboard.vice.com/en_us/article/ne9v5k/reddit-bans-subreddits-dark-web-drug-markets-and-guns #DarkNet #intelligence #privacy
That makes sense, because stopping at that moment they would have betrayed themselves? Tough decision but good call
The DNS madness: 185 RFCs totaling 2781 pages. That is why nobody can fully understand DNS and all the extensions 😱 https://datatracker.ietf.org/meeting/101/materials/slides-101-dnsop-sessa-the-dns-camel-00 (PDF) #DNS https://t.co/QeVmw11rbc
Recovering plaintext passwords from Azure Windows VMs (PoC) https://github.com/guardicore/azure_password_harvesting #forensics #redteam
Vintage opsec posters (WW2 or Cold War era) are actually pretty cool, unique art style.
Russia military recently issued a few posters covering new modern threats https://southfront.org/information-security-posters-in-russian/
Protecting Against HSTS Abuse https://webkit.org/blog/8146/protecting-against-hsts-abuse/ #appsec #webapp